[Samba] samba Active directory and SSO

M.Sebbane at aui.ma M.Sebbane at aui.ma
Fri Dec 16 15:48:24 GMT 2005

Dear all,

I guess there were a lot of posts about this subject, but I'm really stuck 
& prefer to start a new thread hoping that some of you 
won't mind re-posting to help the Samba NewBie that I am.

Well, here is my situation:
- more than 1000 users on a heterogeneous network, One Domain & the need to 
keep only one.

- I need my Linux Boxes' users to get authenticated against a single AD, 
therefore I installed Samba 3 on a redhat 9 kernel 2.4, 

- smbd, nmbd & Winbind are running

- the linux boxes joined my domain using the command
        [root@LinuxBox root]# net ads join -U Administrator%password

- I am able to view the list of the users in the AD, with:
        [root@LinuxBox root]# /usr/local/samba/bin/wbinfo -u

HOWEVER, I get the listing in the format username  not the supposed 

Furthermore, when I try to log on to the Linux box using one of my AD users, I 
simply cannot.
Please find below my config files: smb.conf, /pam.d/login & /etc/nsswitch

Thank you very much for reading my post & please let me know if you need 
any more information.

Best Regards,


#======================= Global Settings 

# workgroup = NT-Domain-Name or Workgroup-Name
        workgroup = medi
        netbios name = LinuxMachine
logon drive = h:
logon home = \\home_dir_server\%U
logon script = %U.bat
 winbind separator = : 
 idmap uid = 10000-20000
 idmap gid = 10000-20000
 winbind uid = 10000-20000
 winbind gid = 10000-20000
 winbind enunm users = yes
 winbind enunm groups = yes
 template homedir = /home/%D/ %U
 template shell = /bin/bash
 winbind usedefault domain = yes
 client use spnego = yes
unix extensions = yes
case sensitive = yes
delete readonly = yes
# server string is the equivalent of the NT Description field
        server string = Samba Server
max log size = 50
security = ADS
ads server =
password server =
encrypt passwords = yes
realm = medi.com
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n 
pam password change = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins server =
username map = /etc/samba/smbusers
dns proxy = no

#============================ Share Definitions 
        comment = Home Directories
        browseable = no
        writeable = yes
        valid users = %S
        create mode = 0664
        directory mode = 0775
        path = /home/shared
        writeable = yes
        guest ok = yes

        path = /home/medi
        writeable = yes

auth       required              /lib/security/pam_securetty.so
auth       sufficient            /lib/security/pam_winbind.so
auth       sufficient            /lib/security/pam_unix.so use_first_pass
auth       required              /lib/security/pam_stack.so 
auth       required              /lib/security/pam_nologin.so
account    sufficient            /lib/security/pam_winbind.so
account    required              /lib/security/pam_stack.so 
password   required              /lib/security/pam_stack.so 
session    required              /lib/security/pam_stack.so 
session    optional              /lib/security/pam_console.so

#auth       requisite        pam_nologin.so
#auth       requisite        pam_krb5.so
#auth       optional         pam_smbpass.so migrate
#account    required         pam_krb5.so
#password   requisite        pam_cracklib.so retry=3
#password   optional         pam_smbpass.so nullok use_authtok 
#password   required         pam_krb5.so use_authtok try_first_pass
#session    required         pam_krb5.so

passwd:     files winbind
shadow:     files
group:      files winbind

Sebbane Mehdi
Network & Systems Administrator
ITS Department
Alakhawayn University
Ifrane 53000
Voice : +212 (0) 55 86 24 23
Fax:      +212 (0) 55 86 24 24
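
Added example, not part of the original post: a small Python check that reads smb.conf-style lines and flags parameter names that look like misspellings of known ones, comparing names the way Samba does (ignoring case and whitespace). The KNOWN list is an assumed subset of real parameter names chosen for the winbind lines in the post, and the sample lines are copied from the posted smb.conf; Samba's own testparm tool performs the full check.

```python
import difflib

# Assumption: a small subset of real smb.conf parameter names, enough for the
# winbind-related lines in the post. It is not Samba's full parameter table.
KNOWN = [
    "workgroup", "realm", "security", "password server",
    "winbind separator", "winbind enum users", "winbind enum groups",
    "winbind use default domain", "idmap uid", "idmap gid",
    "template homedir", "template shell",
]

def norm(name):
    """Samba matches parameter names ignoring case and whitespace."""
    return "".join(name.split()).lower()

KNOWN_NORM = {norm(k): k for k in KNOWN}

def lint(text):
    """Return (lineno, name, verdict) for every 'name = value' line."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue  # skip blanks, comments and section headers
        name, value = (part.strip() for part in line.split("=", 1))
        key = norm(name)
        if key in KNOWN_NORM:
            verdict = "ok" if value else "empty value"
        else:
            # Near miss of a known name: most likely a typo.
            close = difflib.get_close_matches(key, KNOWN_NORM, n=1, cutoff=0.9)
            verdict = ("misspelled? " + KNOWN_NORM[close[0]]) if close else "not checked"
        findings.append((lineno, name, verdict))
    return findings

# Lines copied from the smb.conf in the post above.
SAMPLE = """\
 winbind separator = :
 winbind enunm users = yes
 winbind enunm groups = yes
 winbind usedefault domain = yes
security = ADS
password server =
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
"""

if __name__ == "__main__":
    for lineno, name, verdict in lint(SAMPLE):
        print(f"line {lineno}: {name!r}: {verdict}")
```

Names reported as "not checked" are simply outside the assumed subset; they are neither confirmed nor rejected.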
